CVE-2025-2470 - Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability
CVE ID : CVE-2025-2470
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2470
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2986 - IBM Maximo Asset Management Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-2986
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2986
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3912 - WordPress WS Form LITE Unauthorized Data Access Vulnerability
CVE ID : CVE-2025-3912
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_config' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to read the value of the plugin's settings, including API keys for integrated services.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3912
Published : April 25, 2025, 12:15 p.m. | 27 minutes ago
Description : The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_config' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to read the value of the plugin's settings, including API keys for integrated services.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3625 - Moodle Authentication Bypass
CVE ID : CVE-2025-3625
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3625
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3627 - Moodle Information Disclosure Vulnerability
CVE ID : CVE-2025-3627
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3627
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3628 - Moodle Anonymous Assignment De-Anonymization Vulnerability
CVE ID : CVE-2025-3628
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3628
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3635 - Moodle CSRF Tour Duplicating Vulnerability
CVE ID : CVE-2025-3635
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3635
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3636 - Moodle RSS Feed Access Vulnerability
CVE ID : CVE-2025-3636
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3636
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3637 - Moodle CSRF Information Disclosure
CVE ID : CVE-2025-3637
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3637
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3638 - Moodle CSRF in Brickfield Tool
CVE ID : CVE-2025-3638
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3638
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3640 - Moodle Information Disclosure Vulnerability
CVE ID : CVE-2025-3640
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3640
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3641 - Moodle Dropbox Repository Remote Code Execution Vulnerability
CVE ID : CVE-2025-3641
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3641
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3642 - Moodle EQUELLA Remote Code Execution Vulnerability
CVE ID : CVE-2025-3642
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3642
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3643 - Moodle Reflected Cross-site Scripting Vulnerability
CVE ID : CVE-2025-3643
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3643
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3644 - Moodle Course Section Deletion Privilege Escalation Vulnerability
CVE ID : CVE-2025-3644
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3644
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3645 - Moodle Information Disclosure Vulnerability
CVE ID : CVE-2025-3645
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3645
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3647 - Moodle Information Disclosure
CVE ID : CVE-2025-3647
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3647
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43016 - JetBrains Rider Unvalidated Archive Unpacking Vulnerability
CVE ID : CVE-2025-43016
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43016
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43862 - Dify APP Orchestration Privilege Escalation Vulnerability
CVE ID : CVE-2025-43862
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and changes on the APPSs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43862
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and changes on the APPSs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46432 - JetBrains TeamCity Base64 Credentials Exposure
CVE ID : CVE-2025-46432
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46432
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46433 - JetBrains TeamCity Path Traversal Vulnerability
CVE ID : CVE-2025-46433
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46433
Published : April 25, 2025, 3:15 p.m. | 1 hour, 27 minutes ago
Description : In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...